Changeset 25115


Timestamp:
Oct 24, 2013, 12:01:35 PM (11 years ago)
Author:
mistic100
Message:

two new options for API methods : 'admin_only' and 'post_only'

Location:
trunk
Files:
3 edited

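--- a/trunk/include/ws_core.inc.php
+++ b/trunk/include/ws_core.inc.php
@@ -325,5 +325,7 @@
    * @param include_file string - a file to be included befaore the callback is executed
    * @param options array
-   *    @option bool hidden (hidden) - if true, this method won't be visible by reflection.getMethodList
+   *    @option bool hidden (optional) - if true, this method won't be visible by reflection.getMethodList
+   *    @option bool admin_only (optional)
+   *    @option bool post_only (optional)
    */
   function addMethod($methodName, $callback, $params=array(), $description='', $include_file='', $options=array())
@@ -389,5 +391,5 @@
   }
 
-  /*static*/ function isPost()
+  static function isPost()
   {
     return isset($HTTP_RAW_POST_DATA) or !empty($_POST);
@@ -510,4 +512,14 @@
     {
       return new PwgError(WS_ERR_INVALID_METHOD, 'Method name is not valid');
+    }
+   
+    if ( isset($method['options']['post_only']) and $method['options']['post_only'] and !self::isPost() )
+    {
+      return new PwgError(405, 'This method requires HTTP POST');
+    }
+   
+    if ( isset($method['options']['admin_only']) and $method['options']['admin_only'] and !is_admin() )
+    {
+      return new PwgError(401, 'Access denied');
     }
 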
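Review bot: The new `post_only` gate (new lines 516–519) rests entirely on `isPost()`, and the `isset($HTTP_RAW_POST_DATA)` half of that test cannot be true as written. The variable is not a superglobal and the two body lines shown contain no `global` declaration, so in practice only `!empty($_POST)` decides. A POST whose body is empty or not form-encoded would therefore be answered with 405; testing the method directly, `return isset($_SERVER['REQUEST_METHOD']) and $_SERVER['REQUEST_METHOD'] == 'POST';`, would make the gate match its error message. The two new `@option` lines in the addMethod docblock also carry no description; something like `@option bool admin_only (optional) - if true, the call is rejected with 401 unless is_admin()` and the equivalent for `post_only` would document the contract. The closing brace of isPost and the rest of the dispatching function lie outside the hunks shown.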
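--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -209,9 +209,4 @@
 function ws_getMissingDerivatives($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(403, 'Forbidden');
-  }
-
   if ( empty($params['types']) )
   {
@@ -320,9 +315,4 @@
 function ws_getInfos($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(403, 'Forbidden');
-  }
-
   $infos['version'] = PHPWG_VERSION;
 
@@ -384,8 +374,4 @@
 function ws_caddie_add($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
   global $user;
   $query = '
@@ -881,9 +867,4 @@
 function ws_categories_getAdminList($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   $query = '
 SELECT
@@ -949,9 +930,4 @@
 function ws_images_addComment($params, $service)
 {
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
-
   $query = '
 SELECT DISTINCT image_id
@@ -1295,12 +1271,4 @@
 function ws_images_setPrivacyLevel($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
   global $conf;
   if ( !in_array($params['level'], $conf['available_permission_levels']) )
@@ -1325,14 +1293,4 @@
 function ws_images_setRank($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
-
   // does the image really exist?
   $query='
@@ -1419,14 +1377,4 @@
   // position
 
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
-
   foreach ($params as $param_key => $param_value) {
     if ('data' == $param_key) {
@@ -1577,8 +1525,4 @@
 
   global $conf;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
 
   //
@@ -1663,8 +1607,4 @@
 {
   global $conf, $user;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
 
   foreach ($params as $param_key => $param_value) {
@@ -1817,13 +1757,4 @@
 {
   global $conf;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   if (!isset($_FILES['image']))
@@ -1939,16 +1870,4 @@
 function ws_rates_delete($params, $service)
 {
-  global $conf;
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, 'This method requires HTTP POST');
-  }
-
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   $query = '
 DELETE FROM '.RATE_TABLE.'
@@ -1975,10 +1894,4 @@
 function ws_session_login($params, $service)
 {
-  global $conf;
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
   if (try_log_user($params['username'], $params['password'],false))
   {
@@ -2057,9 +1970,4 @@
 function ws_tags_getAdminList($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   $tags = get_all_tags();
   return array(
@@ -2229,9 +2137,4 @@
 function ws_tags_add($params, $service)
 {
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 
@@ -2251,9 +2154,4 @@
 
   global $conf;
-
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
 
   $split_pattern = '/[\s,;\|]/';
@@ -2329,9 +2227,4 @@
   ws_logfile(__FUNCTION__.', input :  '.var_export($params, true));
 
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   // input parameters
   //
@@ -2395,13 +2288,4 @@
 {
   global $conf;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
@@ -2535,13 +2419,4 @@
 {
   global $conf;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   if (get_pwg_token() != $params['pwg_token'])
@@ -2727,13 +2602,4 @@
 {
   global $conf;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   // category_id
@@ -2774,14 +2640,4 @@
 {
   global $conf;
-
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   // category_id
@@ -2832,13 +2688,4 @@
 {
   global $conf;
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   if (get_pwg_token() != $params['pwg_token'])
@@ -2903,14 +2750,4 @@
 {
   global $conf, $page;
-
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
-  if (!$service->isPost())
-  {
-    return new PwgError(405, "This method requires HTTP POST");
-  }
 
   if (get_pwg_token() != $params['pwg_token'])
@@ -3036,9 +2873,4 @@
   global $conf;
 
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
   $ret['message'] = ready_for_upload_message();
@@ -3056,9 +2888,4 @@
 {
   global $conf;
-
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
 
   include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php');
@@ -3095,9 +2922,4 @@
   global $template;
 
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   if (get_pwg_token() != $params['pwg_token'])
   {
@@ -3128,9 +2950,4 @@
 {
   global $template;
-
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
 
   if (get_pwg_token() != $params['pwg_token'])
@@ -3306,9 +3123,4 @@
   $update = new updates();
 
-  if (!is_admin())
-  {
-    return new PwgError(401, 'Access denied');
-  }
-
   $result = array();
 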
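--- a/trunk/ws.php
+++ b/trunk/ws.php
@@ -136,5 +136,7 @@
       'ws_getInfos',
       null,
-      '<b>Admin only.</b> Returns general informations.'
+      '<b>Admin only.</b> Returns general informations.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -146,5 +148,7 @@
                            'type'=>WS_TYPE_ID),
         ),
-      '<b>Admin only.</b> Adds elements to the caddie. Returns the number of elements added.'
+      '<b>Admin only.</b> Adds elements to the caddie. Returns the number of elements added.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -205,5 +209,7 @@
                                 'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE),
         ), $f_params),
-      '<b>Admin only.</b> Returns a list of derivatives to build.'
+      '<b>Admin only.</b> Returns a list of derivatives to build.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -217,5 +223,7 @@
         'key' =>      array(),
         ),
-      '<b>POST only.</b> Adds a comment to an image.'
+      '<b>POST only.</b> Adds a comment to an image.',
+      null,
+      array('post_only'=>true)
     );
 
@@ -269,5 +277,7 @@
                             'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE),
         ),
-      '<b>Admin & POST only.</b> Sets the privacy levels for the images.'
+      '<b>Admin & POST only.</b> Sets the privacy levels for the images.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -280,5 +290,7 @@
         'rank'        => array('type'=>WS_TYPE_INT|WS_TYPE_POSITIVE|WS_TYPE_NOTNULL)
         ),
-      '<b>Admin & POST only.</b> Sets the rank of a photo for a given album.'
+      '<b>Admin & POST only.</b> Sets the rank of a photo for a given album.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -290,5 +302,7 @@
         'anonymous_id' => array('default'=>null),
         ),
-      '<b>Admin & POST only.</b> Deletes all rates for a user.'
+      '<b>Admin & POST only.</b> Deletes all rates for a user.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -304,5 +318,7 @@
       'ws_session_login',
       array('username', 'password'),
-      '<b>POST only.</b> Tries to login the user.'
+      '<b>POST only.</b> Tries to login the user.',
+      null,
+      array('post_only'=>true)
     );
 
@@ -358,5 +374,7 @@
         'position' =>     array()
         ),
-      '<b>Admin & POST only.</b> Add a chunk of a file.'
+      '<b>Admin & POST only.</b> Add a chunk of a file.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -371,5 +389,7 @@
         ),
       '<b>Admin only.</b> Add or update a file for an existing photo.
-<br>pwg.images.addChunk must have been called before (maybe several times).'
+<br>pwg.images.addChunk must have been called before (maybe several times).',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -402,5 +422,7 @@
       '<b>Admin only.</b> Add an image.
 <br>pwg.images.addChunk must have been called before (maybe several times).
-<br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.'
+<br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -426,5 +448,7 @@
 <br>Use the <b>$_FILES[image]</b> field for uploading file.
 <br>Set the form encoding to "form-data".
-<br>You can update an existing photo if you define an existing image_id.'
+<br>You can update an existing photo if you define an existing image_id.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -436,5 +460,7 @@
         'pwg_token' =>  array(),
         ),
-      '<b>Admin & POST only.</b> Deletes image(s).'
+      '<b>Admin & POST only.</b> Deletes image(s).',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -443,5 +469,7 @@
       'ws_categories_getAdminList',
       null,
-      '<b>Admin only.</b>'
+      '<b>Admin only.</b>',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -474,5 +502,7 @@
       '<b>Admin & POST only.</b> Deletes album(s).
 <br><b>photo_deletion_mode</b> can be "no_delete" (may create orphan photos), "delete_orphans"
-(default mode, only deletes photos linked to no other album) or "force_delete" (delete all photos, even those linked to other albums)'
+(default mode, only deletes photos linked to no other album) or "force_delete" (delete all photos, even those linked to other albums)',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -486,5 +516,7 @@
         ),
       '<b>Admin & POST only.</b> Move album(s).
-<br>Set parent as 0 to move to gallery root. Only virtual categories can be moved.'
+<br>Set parent as 0 to move to gallery root. Only virtual categories can be moved.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -496,5 +528,7 @@
         'image_id' =>     array('type'=>WS_TYPE_ID),
         ),
-      '<b>Admin & POST only.</b> Sets the representative photo for an album. The photo doesn\'t have to belong to the album.'
+      '<b>Admin & POST only.</b> Sets the representative photo for an album. The photo doesn\'t have to belong to the album.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -503,5 +537,7 @@
       'ws_tags_getAdminList',
       null,
-      '<b>Admin only.</b> '
+      '<b>Admin only.</b>',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -510,5 +546,7 @@
       'ws_tags_add',
       array('name'),
-      '<b>Admin only.</b> Adds a new tag.'
+      '<b>Admin only.</b> Adds a new tag.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -521,5 +559,7 @@
         ),
       '<b>Admin only.</b>  Checks existence of images.
-<br>Give <b>md5sum_list</b> if $conf[uniqueness_mode]==md5sum. Give <b>filename_list</b> if $conf[uniqueness_mode]==filename.'
+<br>Give <b>md5sum_list</b> if $conf[uniqueness_mode]==md5sum. Give <b>filename_list</b> if $conf[uniqueness_mode]==filename.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -534,5 +574,7 @@
         ),
       '<b>Admin only.</b> Checks if you have updated version of your files for a given photo, the answer can be "missing", "equals" or "differs".
-<br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.'
+<br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -541,5 +583,7 @@
       'ws_images_checkUpload',
       null,
-      '<b>Admin only.</b> Checks if Piwigo is ready for upload.'
+      '<b>Admin only.</b> Checks if Piwigo is ready for upload.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -567,5 +611,7 @@
 <br><b>single_value_mode</b> can be "fill_if_empty" (only use the input value if the corresponding values is currently empty) or "replace"
 (overwrite any existing value) and applies to single values properties like name/author/date_creation/comment.
-<br><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories.'
+<br><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
@@ -578,5 +624,7 @@
         'comment' =>      array('default'=>null),
         ),
-      '<b>Admin & POST only.</b> Changes properties of an album.'
+      '<b>Admin & POST only.</b> Changes properties of an album.',
+      null,
+      array('admin_only'=>true, 'post_only'=>true)
     );
  
@@ -585,5 +633,7 @@
       'ws_plugins_getList',
       null,
-      '<b>Admin only.</b> Gets the list of plugins with id, name, version, state and description.'
+      '<b>Admin only.</b> Gets the list of plugins with id, name, version, state and description.',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -596,5 +646,7 @@
         'pwg_token' => array(),
         ),
-      '<b>Admin only.</b>'
+      '<b>Admin only.</b>',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -607,5 +659,7 @@
         'pwg_token' => array(),
         ),
-      '<b>Admin only.</b>'
+      '<b>Admin only.</b>',
+      null,
+      array('admin_only'=>true)
     );
 
@@ -619,5 +673,7 @@
         'pwg_token' => array(),
         ),
-      '<b>Webmaster only.</b>'
+      '<b>Webmaster only.</b>',
+      null,
+      array('admin_only'=>true)
   );
 
@@ -634,5 +690,7 @@
         'pwg_token' =>  array(),
       ),
-      '<b>Webmaster only.</b> Ignores an extension if it needs update.'
+      '<b>Webmaster only.</b> Ignores an extension if it needs update.',
+      null,
+      array('admin_only'=>true)
   );
 
@@ -641,5 +699,7 @@
       'ws_extensions_checkupdates',
       null,
-      '<b>Admin only.</b> Checks if piwigo or extensions are up to date.'
+      '<b>Admin only.</b> Checks if piwigo or extensions are up to date.',
+      null,
+      array('admin_only'=>true)
   );
 }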
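Review bot: The two registrations described as `<b>Webmaster only.</b>` (new lines 675–677 and 692–694) are given `array('admin_only'=>true)`, and the dispatcher gate added in ws_core.inc.php tests `is_admin()`, so the option alone admits any administrator rather than only a webmaster. Whether those handlers still perform their own webmaster check is not visible on this page; if they do, a comment at each registration such as `// admin_only is only the coarse gate; the webmaster check stays in the handler` would keep the description and the option from reading as contradictory. This changeset also deletes the in-handler `is_admin()` and `isPost()` checks in ws_functions.inc.php, so the options array here appears to be the only remaining guard for those methods. Each removed check should be matched against a registration in this file, which the page cannot confirm because several of the ws_functions.inc.php hunks do not show the function name.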